Cyber terrorists ordinance in Pakistan
Written by Zeeshan Ali Shah   
Wednesday, 19 November 2008 10:45

With courtesy of the pakgrid group; read below (all in quotes):

This is a very serious issue and needs us to escalate this via the electronic media as well as print. I am aware of the underpinnings behind this renewal and it is dangerous for anyone and everyone because of the loosely worded powers that have been given in the Cyber Crime Ordinance. There is no effort to train and educate not only the Police, Judiciary, Lawyers and support ‘IT experts’ but also most of the poor blokes against whom this will be used.

Now, for example: if your address gets spoofed via intelligent proxies and a mail is sent to an address which is rated by the US or UK or Pakistan as being ‘subversive’, you are in for an interesting time in a police cell until someone can trace and establish that you are not the one (in front of a judge who will not understand anything) and pay loads of cash for bribes so that you are not mentioned on an FIR. It will become even more ‘interesting’ if there is a Trojan in a person’s PC, which provides back door access and uses your machine as a mail server for webmail broadcast or simple mail. Any investigation will show that the particular IP address was in your use at that time and was the originating source of this or any mail. Well, it will be the Pakistani Guantanamo for you. This is a real case we have had to deal with.

Last Updated ( Wednesday, 19 November 2008 10:51 )
 
Software security is on the rise
Written by Zeeshan Ali Shah   
Wednesday, 20 August 2008 10:44

Having a double master's in Software Engineering (Pakistan) and Information Security (Sweden), I always think that the current strategy of dealing with security bugs is wrong, i.e. we always try to cover the application from the outside with IDS/IPS and firewalls. This has created such hype that whenever you talk to a C-level executive about IT security, he spontaneously imagines a "firewall" in the back of his mind: "Oh, you need security? Go and get a firewall... :))"

As a software engineer, I know the problem lies deep inside the software, and it will not be solved by hiding the application behind a firewall. This was one of the motives for starting the forum "builtinsecurity" (builtinsecurity.org), to discuss application/software security issues along with some solutions.

The software security market is now passing from an "early adopter phase", as discussed in the following article. Read here.

 

 

Last Updated ( Wednesday, 20 August 2008 10:44 )
 
Listening voice conversations
Written by Zeeshan Ali Shah   
Tuesday, 29 July 2008 09:58

This is an example of removing another brick of privacy, along with what I blogged previously in "Good bye privacy". Now they can even listen to what you speak ... enjoy being a victim of fixed IP networks unless you learn how to defend your rights technically ... read below

"There has long been speculation that Skype may contain a back door. Because the vendor has not revealed details of its proprietary Skype protocol or of how the client works, questions as to what else Skype is capable of and what risks are involved in deploying it in an enterprise environment remain open." Sources and read more

Last Updated ( Tuesday, 29 July 2008 10:21 )
 
If you don't know the attack vector
Written by Zeeshan Ali Shah   
Monday, 21 July 2008 09:31

In the security field you too often hear sentences like "this is an unfamiliar attack BUT WE SUFFERED NO DAMAGE AND NO INFORMATION LEAK". The question is: what is the meaning of "NO" in those types of sentences?

You can read the same story here:

"Hackers recently targeted Naver, Korea's largest Internet portal, in a never-before-seen kind of attack. Choi Whee-young, CEO of Naver's parent NHN, said in a meeting with reporters Thursday that Naver users recently had trouble accessing the portal's cafes because it had to temporarily lock access after detecting new kinds of hacker attacks." Read here

 

 

Last Updated ( Tuesday, 29 July 2008 09:46 )
 
SP 800-113, Guide to SSL VPNs and SP 800-124, Guidelines on Cell Phone and PDA Security
Written by Zeeshan Ali Shah   
Monday, 07 July 2008 22:15

NIST announced the release of two publications: Special Publication (SP) 800-113, Guide to SSL VPNs, and draft SP 800-124, Guidelines on Cell Phone and PDA Security.

"SP 800-113, Guide to SSL VPNs, seeks to assist organizations in understanding Secure Sockets Layer (SSL) virtual private network (VPN) technologies.  The publication also makes recommendations for designing, implementing, configuring, securing, monitoring, and maintaining SSL VPN solutions.  SP 800-113 provides a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments.  It also includes a comparison with other similar technologies such as IPsec VPNs and other VPN solutions"

URL to SP 800-113:
http://csrc.nist.gov/publications/PubsSPs.html#800-113

"Draft SP 800-124, Guidelines on Cell Phone and PDA Security, is available for public comment.  It provides an overview of cell phone and personal digital assistant (PDA) devices in use today and offers insights for making informed information technology security decisions regarding their treatment.  SP 800-124 gives details about the threats, technology risks, and safeguards for these devices. NIST requests comments on draft SP 800-124 by August 8, 2008.  "

URL to Draft SP 800-124:
http://csrc.nist.gov/publications/PubsDrafts.html#800-124

 

Zeeshan Ali Shah

Current Location: Stockholm, Sweden.

Lat 59,3333 Long 18,05

Email: zeeshan at infoshield dot info

Mobile: 0046 76 2776193 (Sweden)

Language: Urdu, English, Swedish, Italian (very basic)

 
